0sec-labs/pwnkit — reverse-engineered prompt

Build me a command line security tool called pwnkit that lets someone point it at a website, AI chat endpoint, source folder, package, or crash folder and have an autonomous AI agent look for real security issues.

I want it to feel simple to use, like pwnkit scan --target https://example.com, but it should also support reviewing local source code, auditing packages, ingesting crash artifacts, showing past findings, opening a dashboard, and exporting results as JSON or SARIF for CI.

The important part is that it should behave like a real pentester, using shell commands and common security tools where available, trying to verify issues before reporting them, and producing clear findings with evidence, severity, reproduction steps, and suggested fixes.

Please make it installable as a standalone CLI, runnable through Node and Docker, and usable in a GitHub Action for code review. Use TypeScript, keep the project organized, add tests, and include practical docs and examples. Look up current docs online if you need to.